Avoiding Keystroke Loggers
Spyware is a term applied
to software applications that log a user's data and reports the information
back to the program's creator. The
effects it has ranges widely from annoying pop-up ads to more dangerous
security breaches such as browser hijacking and the installation of backdoors
which can leave a user exposed to hacking attacks and identity theft.
Malicious coders use a
number of ways to install spyware. One
of the most common ways involves ad-based software in which a user is enticed
to download it for free. Other sources
of infection include IM (instant messaging), peer-to-peer programs, download
manager utilities, online games and pornographic web sites. The Microsoft Internet Explorer web browser
has also been known to be rather vulnerable against spyware and many other
exploits. All of these methods can be
used to install one of the most dangerous types of spyware, the keystroke
logger.
What are Keystroke
Loggers?
A keystroke logger, more
commonly termed as a keylogger, is a program or device used to track a victim's
activity online. Like most types of
spyware, a keystroke logger typically logs a user's information and then
reports it back to the originator. These
logs can be easily used to collect usernames, credit card details, bank account
numbers and other sensitive information.
Although keystroke
loggers have been existence for some time, the growing problem of spyware has
warranted a renewed level of concern.
Considering how easy it is to be compromised, all internet users need to
be aware of this detrimental infection.
Types of keystroke
loggers
Hardware loggers -
small inline devices that are typically inserted between a keyboard and
computer. The small size enables them to
go undetected for extended periods of time, although physical access to the
machine is required. These devices have
the ability to capture numerous keystrokes including email usernames, passwords
and bank account numbers.
Hooking Mechanisms
- this type of logging is achieved by software using "SetWindowsHookEx", a
function in Windows operating systems that monitors keystrokes. It usually comes packaged as an EXE. (executable)
file which initiates the hook function, along with a DLL. (Dynamic Link
Library) file which handles logging functions.
Kernel/driver loggers
- this type of keystroke logger is at the kernel level of the operating system
and receives information directly from an input device, which is typically a
keyboard.
It replaces the core
application for interpreting a user's keystrokes and can be programmed in a way
that makes it nearly undetectable as it is executed on a system boot before
user-level applications are initiated.
Protecting your
Information
It is very essential to
carefully monitor the sites you visit on the web and the programs you download
from the internet. One wrong move and
your computer can be easily compromised with spyware and other nasty
infections.
Here are a few tips to
keep you safe against keystroke loggers:
• remain cautious of spam emails
• never open a file attached to a spam
email
• never click "OK" on a pop-up window
without carefully reading it first
• implement a firewall component to
prevent unauthorized access to your computer
• frequently run a full system scan of
your computer with quality security software
As spyware
becomes more prevalent, experts suggest that the best protection comes with
installing anti-spyware software. This
type of program will not only detect, but destroy keystroke logger applications
and other popular forms of spyware.
